SIGS Kick Off – IT Security Strategy 2017 and beyond:
Challenges & Priorities



Target Audience: Information Security Professionals, CIOs, CISOs, IT Managers, Security Engineers and all other persons who are responsible for and interested in security

Vendors, suppliers and consultants who do not help to sponsor, and thereby support, this platform are not authorized to take part.

CPE Credits: Earn 4 CPE (Continuing Professional Education) credits for attending this SIGS event. Please request a confirmation.
Location: AlpenRock House, Riedstrasse 4, 8953 Dietikon
Date of Event: 12th of January 2017
Language: English
Schedule: see agenda below
Participation Costs: Fr. 95.— per participant. Speeches, Apéro, dinner and all beverages included.
Please note: No contact details or email addresses will be provided to any sponsor. The presentations will not be published after the event; it is a closed community!



2:00 – 3:00 pm Registration & Coffee
3:00 – 3:15 pm Welcome & Introduction by moderator Amar Singh, CISO and Founder at Cyber Management Alliance
Blood, Guts and Cyber – 10 steps to avoiding Cyber Armageddon
As we inch closer to total dependence on cyberspace, businesses and governments remain unprepared for the “black swan events” and risk being caught with their “pants down”. Come and be part of an important movement by attending the launch of the SIGS event in 2017, where Amar Singh takes you through what we can do collectively to sow the seeds of certainty in an increasingly uncertain future.

Amar Singh is an industry influencer and leader, founder of a not-for-profit organization and the Cyber Management Alliance, and Chair of ISACA’s UK Security Advisory Group. Amar is engaged as a trusted business and cyber security advisor, mentor to C-level executives, and a consultant to organizations that need to reduce their risk exposure, deploy post-incident remediation, build security teams, increase cyber resiliency and mature their information security and data privacy posture.
3:15 – 3:45 pm Richard Meier, Leiter Stab Audit AX at Zürcher Kantonalbank
Risk-oriented Audit Planning
Defining our yearly audit plan: How we try to recognize actual and upcoming risks and set up adequate audit procedures in order to provide reasonable assurance to our stakeholders.

You will hear in this session where we see the biggest challenges as auditors in our daily work, how we address those and make our voice heard.

Richard is responsible for maintenance and development of the processes of the audit function. He graduated in business economics from the University of St. Gallen (lic.oec.HSG) and has been working in different functions in the audit business for more than ten years.
3:45 – 4:15 pm Jean-Paul Kölbl, Chief Information Security Officer at Swisscard AECS
Risk Management of 3rd Parties: continuous risk measurement to better allocate mitigation resources
Enable Secure Business is the basic driver for all of my work. Information Security has to be an integrated part of the architecture, services and our organization which is delivering digital services to our clients and 3rd parties. There is no insecure business; only secure business will be sustainable and deliver cyber resilience. Practical concepts like risk-based authentication, SOA Security or self-defending data are more and more implemented and are more than ever the basis for confidentiality, integrity, availability and usability.

These and all other security concepts have to state a certain resilience also within exploring new business strategies and opportunities. Changing to a Service Integration and Aggregation Management Organization, combined with a supplier strategy to buy all services externally when competitively available on the market, will have an impact on Risk Management.

Find out what we have implemented at Swisscard to allow for better Risk Management of 3rd Parties which process our data. We have developed within Swisscard a concept to address the issues and constantly measure the risk level of our suppliers: the 50 shades of Know Your 3rd Party.

Information Security and Risk Management have been Jean-Paul’s passion for 25 years. More information you can find at
4:15 – 5:00 pm Break
5:00 – 5:30 pm Markus Bruetsch, VP Corporate Security at Nagravision SA
Digital Transformation! Cloud Computing! Security?
As companies with traditional IT departments, legacy applications and diverse user populations embark on the path to Digital Transformation and cloud computing, a shift in the information security mindset is needed. This includes the way the Information Security Team delivers its services as well as how the user populations view Information Security in daily operations.

In this session we will look at the steps and the approach the Security team takes, its contributions to the Digital Transformation, and the shift in the security mindset within the company.

Markus Bruetsch is responsible for Corporate Security at the Kudelski Group in Lausanne. He leads a team of Security Specialists to support the Digital Transformation of the group, the deployment of Cloud computing and the implementation of the worldwide hubs. In his prior position as Information Security Officer with a Swiss TelCo he managed the PKI infrastructure and the Certification Audits, and deployed Cloud Security solutions for international enterprise customers. Markus worked for 25 years in the US in a variety of IT Management and Info Sec positions, holds the CISSP certification and is a Diplom Biersommelier.
5:30 – 6:00 pm Urs Schmid, IT Security Officer at Manor AG
Keeping the pace without neglecting the base
The situation of risk and threat has substantially changed over the last years. “Cyber” … is the buzzword and all actors ask for a new strategy to become cyber resilient, APT proof and immediately cyber incident responsive.

Building a new security strategy from the ground up seems inevitable. But is this really true? Do we have to forget everything we know as everything has changed? The speaker does not really believe in that. He is sure that a company can keep the pace without the necessity of a complete security strategy reconstruction. His approach: Keep the timeless parts, adapt them to the changes and supplement them with the new elements to (re)form a ruggedized, lasting security plan with the risk pentagon as cornerstone.

Urs Schmid is IT Security Officer at Manor AG. He is responsible for Manor’s information security strategy, seeking the optimal balance between business needs and security demands and regulations. He is a Certified Information Security Manager (CISM), ITIL Expert, ISO27001 Lead Auditor and PCI-DSS ISA. His IT career started in 1974 in production control. Programming, analysis, system engineering and consulting in various companies, thereof 15 years with computer manufacturers, led him to his current position, which he has held since 2002.
6:00 – 6:30 pm Panel Discussion moderated by Amar Singh
6:30 – 7:15 pm Apéro
7:15 – 8:30 pm Dinner (buffet with hopefully something for everyone)
8:30 – 9:00 pm Marc Ruef, Head of Research at scip AG
Death over IP
Life is precious. And so is health data. The data exchange in the Darknet shows that medical data is traded for good money. The health business needs to catch up with modern information security requirements to prevent such breaches. An important part of e-health is the security and safety of medical devices.

Our research team did an extensive analysis of multiple devices currently deployed at multiple hospitals and laboratories all around the world. Killing people is not just a fantasy overhyped by the media. It is possible. We will show how it can be approached, which countermeasures are possible and what comes afterwards.

Marc Ruef is Head of Research at scip AG in Zürich. His team is responsible for a wide variety of research activities addressing current and emerging aspects within the field of information security. One of the ongoing topics is IoT and medical devices. He has published several books, of which “The Art of Penetration Testing” became quite popular among professional security analysts.
9:00 – open end Dessert, Networking and Know-How Sharing on the topic IT Security Strategy 2017





This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here

Cancellation Policy
Cancellations of registration are free of charge until 60 days prior to the event. Cancellations received after this point will incur 50% of the admission fee. 30 days prior to the event we have to invoice the full amount if you cancel. You will be refunded the respective amount.
In any case, however, a delegate may be sent at no additional cost.
